Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Best-practice to redistribute NAT entries into OSPF

I have several different subnets that are all either NAT'd or accessible via a VPN. There's no actual route on the ASA to the addresses, and they're not directly connected, eliminating the usual redistribution commands.

What is the best-practice for redistributing such entries into an OSPF area? In the past, I've had static entries on the upstream firewall, allowing the rest of the network to see this. I'm trying to get rid of as many static routes as possible (or at least make them a floating route so as to provide backup should something in OSPF fail), but am having difficulty figuring out how to redistribute these into the OSPF area.

I can't use a summary-address command as there's no external routes that are being redistributed. The area range command is out as I don't have a separate area that routes are being redistributed from.

One thought I've had is to create a static null route for each subnet (allowing me to redistribute static, and have the static entries only on the originating box), but I imagine rather than NAT'ng or open the site-to-site VPN, it would discard traffic (as the destination is null).

Any ideas on what to do when you have "imaginary" addresses that don't exist anywhere but in NAT entries or that's defined as interesting traffic for a site-to-site VPN?

Thanks in advance.

CreatePlease to create content